Novell Home

CVE-2008-0595

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2008-0595 at MITRE

Description

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

NVD CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 364532

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • dbus-1 >= 0.60-33.17.3
  • dbus-1-32bit >= 0.60-33.17.3
  • dbus-1-64bit >= 0.60-33.17.3
  • dbus-1-devel >= 0.60-33.17.3
  • dbus-1-devel-doc >= 0.60-33.20.3
  • dbus-1-glib >= 0.60-33.17.3
  • dbus-1-glib-32bit >= 0.60-33.17.3
  • dbus-1-glib-64bit >= 0.60-33.17.3
  • dbus-1-gtk >= 0.60-33.20.3
  • dbus-1-java >= 0.60-33.20.3
  • dbus-1-mono >= 0.60-33.20.3
  • dbus-1-python >= 0.60-33.20.3
  • dbus-1-qt >= 0.60-33.20.3
  • dbus-1-qt-32bit >= 0.60-33.20.3
  • dbus-1-qt-64bit >= 0.60-33.20.3
  • dbus-1-qt-devel >= 0.60-33.20.3
  • dbus-1-qt3 >= 0.60-33.20.3
  • dbus-1-qt3-32bit >= 0.60-33.20.3
  • dbus-1-qt3-64bit >= 0.60-33.20.3
  • dbus-1-qt3-devel >= 0.60-33.20.3
  • dbus-1-x11 >= 0.60-33.20.3

© 2014 Novell